Subject: Re: Changes to route(8) or routing between r325235 and r326782?
To: Thomas Steen Rasmussen, freebsd-net@freebsd.org
From: Eugene Grosbein
Date: Tue, 12 Dec 2017 18:01:15 +0700

On 12.12.2017 16:44, Thomas Steen Rasmussen wrote:

> On 12/12/2017 08:56 AM, Eugene Grosbein wrote:
>> On 12.12.2017 09:31, Thomas Steen Rasmussen wrote:
>>
>>> After upgrading to r326782 I get the following error when trying to
>>> delete the lo0 entry (I have an rc.d script to do it):
>>>
>>> $ sudo route delete 185.96.180.10
>>> route: writing to routing socket: Address already in use
>>> delete host 185.96.180.10 fib 0: gateway uses the same route
>>> $
>>>
>>> What gives? What do I do now? :)
>> You should be using jail+vnet in the first place, which allows you to get
>> the desired behaviour by assigning an interface to a distinct jail.
>> Take a look at the jail(8) manual page for the vnet and vnet.interface
>> parameters.
>>
> Hello,
>
> Thanks, I am aware of vnet and its uses. I am looking for the reason
> why the current method doesn't work anymore. :)

Loopback routes were not pinned by mistake, which led to the kernel's
inability to assign a new address/prefix to a local interface if such a
prefix was already installed by means of some routing daemon. This broke
stable work of parallel tunnels established to the same remote network
via distinct WAN paths.

> Switching 50+ jails over to vnet is not something you "just do", the
> rewriting of firewall rules alone will be quite a job.
>
> I am also pretty curious as to what people have been doing to solve this
> over the last many years while waiting for vimage to become stable? Have
> people just not been firewalling between jails?

I have used ipfw for a long time for this task. It filters inter-jail
traffic over lo0 just fine.